AWS IAM
1. Create a policy that allows a specific VPC to access all SQS queues, while denying access from every other VPC.

{
    "Version": "2012-10-17",
    "Id": "VPCAccessWithConsole",
    "Statement": [
        {
            "Sid": "AllowFromSpecificVPC",
            "Effect": "Allow",
            "Action": "sqs:*",
            "Resource": "arn:aws:sqs:us-west-2:647746915152:*",
            "Condition": {
                "StringEquals": {
                    "aws:SourceVpc": "vpc-0124a0037bb04754a"
                }
            }
        },
        {
            "Sid": "ExplicitDenyConsoleAndOthers",
            "Effect": "Deny",
            "Action": "sqs:*",
            "Resource": "arn:aws:sqs:us-west-2:647746915152:*",
            "Condition": {
                "StringNotEquals": {
                    "aws:SourceVpc": "vpc-0124a0037bb04754a"
                }
            }
        }
    ]
}
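A worked check of this policy's decision logic, added here and not part of the original post: a small Python model of how IAM evaluates the two statements against a request context (Action and Resource are assumed to match, only the Condition blocks are modelled). Because aws:SourceVpc is only present in the request context when the call arrives through a VPC endpoint, the negated StringNotEquals in the Deny statement also matches requests that carry no VPC at all, which is why console and public-internet access fail closed.

```python
# Added example, not from the original post: minimal model of IAM condition
# evaluation for the aws:SourceVpc policy above (Action/Resource assumed to match).
ALLOWED_VPC = "vpc-0124a0037bb04754a"   # VPC ID taken from the post's policy

POLICY = [
    {"Sid": "AllowFromSpecificVPC", "Effect": "Allow",
     "Condition": {"StringEquals": {"aws:SourceVpc": ALLOWED_VPC}}},
    {"Sid": "ExplicitDenyConsoleAndOthers", "Effect": "Deny",
     "Condition": {"StringNotEquals": {"aws:SourceVpc": ALLOWED_VPC}}},
]
# Same policy without the explicit Deny, to contrast the outcomes.
ALLOW_ONLY = POLICY[:1]


def condition_matches(op, key, expected, ctx):
    """Single-valued string condition with IAM's missing-key semantics:
    a key absent from the request context fails StringEquals but
    satisfies the negated StringNotEquals."""
    if key not in ctx:
        return op == "StringNotEquals"
    if op == "StringEquals":
        return ctx[key] == expected
    if op == "StringNotEquals":
        return ctx[key] != expected
    raise ValueError(f"unsupported operator {op}")


def statement_applies(stmt, ctx):
    """Every operator/key pair in the statement's Condition must match."""
    return all(condition_matches(op, k, v, ctx)
               for op, pairs in stmt["Condition"].items()
               for k, v in pairs.items())


def evaluate(policy, ctx):
    """IAM decision order: an explicit Deny beats any Allow; if no
    statement matches, the result is an implicit deny."""
    effects = {s["Effect"] for s in policy if statement_applies(s, ctx)}
    if "Deny" in effects:
        return "explicit deny"
    if "Allow" in effects:
        return "allow"
    return "implicit deny"


if __name__ == "__main__":
    # Constructed request contexts: the allowed VPC endpoint, a different VPC
    # endpoint, and the console/public internet (no aws:SourceVpc key at all).
    for ctx in ({"aws:SourceVpc": ALLOWED_VPC},
                {"aws:SourceVpc": "vpc-0000000000000000b"}, {}):
        print(ctx, "->", evaluate(POLICY, ctx), "/", evaluate(ALLOW_ONLY, ctx))
```

With only the Allow statement, a request lacking aws:SourceVpc is still refused, but by implicit deny; the explicit Deny matters when another policy attached to the same principal or queue would otherwise grant access.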


posted @ 2025-11-12 13:56  苦逼yw  Views(4)  Comments(0)